https配置(阿里云win+phpstudy2016)

一 下载证书

我这里的下载流程只供参考,详细的步骤可以去百度搜索。最终的目的是得到4个证书文件

1. 首先申请阿里云免费的ssl认证证书，认证证书申请过程比较简单。请自行百度。登陆阿里云之后，在安全（云盾）板块下-CA证书服务

购买

2. 申请过程比较简单，需要等待阿里云审核通过。通过之后会显示证书。点击“下载”（此教程主要是针对Apache）；

下载

3. 这里选取apache证书。下载的文件包里面有四个文件：

【123.key证书私钥文件,123.pem,证书公钥文件chain.pem,证书链文件 public.pem 】

二 配置phpStudy的Apache

1. 开启apache的编译ssl模块，如图打开phpstudy—其它选项设置—PHP扩展及设置—php扩展—php-openssl前面打勾

配置

2. 打开httpd.conf文件(C:\phpStudy\Apache\conf\httpd.conf根据这个规律去找你安装的位置)
3. 更改httpd.conf的相应文件

• 找到LoadModule ssl_module modules/mod_ssl.so （如果前面有#号把#号去调打开此扩展）
• 找到Include conf/vhosts.conf（如果前面有#号把#号去了）
• 找到Include conf/extra/httpd-ssl.conf（如果前面有#号把#号去了，如果没有此段文字，就搜索# Secure (SSL/TLS) connections，并在它的下一行写上）

#Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

• 现在重启Apache 肯定是红灯，如果把Include conf/extra/httpd-ssl.conf前面加#注释以后能正常启动说明引入文件成功

• 打开httpd-ssl.conf（C:\phpStudy\Apache\conf\extra根据这个规律去找你安装的位置）

• 把下面<VirtualHost><VirtualHost>的内容全部删除

  <VirtualHost >
      。。。。。。
  </VirtualHost>    
  

  • 更改如下

    <VirtualHost *:443>
        SSLEngine on
        SSLProtocol TLSv1 TLSv1.1 TLSv1.2
        SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
        SSLCertificateFile "C:/phpStudy/Apache/cert/public.pem"
        SSLCertificateKeyFile  "C:/phpStudy/Apache/cert/11.key"
        SSLCertificateChainFile  "C:/phpStudy/Apache/cert/chain.pem"
        ServerName www.exam.com
        DocumentRoot "C:\phpStudy\WWW\exam"
    </VirtualHost>    
    

    • 以上参数说明

      SSLCipherSuite是阿里云提供的，下载证书的页面有

      SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile文件是证书的绝对路径

      ServerName 是你网站的域名这个域名必须是和购买证书的iP是对应的映射关系

      DocumentRoot 是www. exam.com域名对应的项目地址：单访问ServerName时就打开WWW下的exam文件(我用的tp框架且把入口index.php放在了项目的根目录下，及直接运行exam/index.php文件了)

      • 再次重启apache正常启动 如果还是红灯肯定是哪里写错了，一定保证httpd.cpmf的Include conf/extra/httpd-ssl.conf开启

      http-ssl.conf源码

      #
      # This is the Apache server configuration file providing SSL support.
      # It contains the configuration directives to instruct the server how to
      # serve pages over an https connection. For detailed information about these 
      # directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>
      # 
      # Do NOT simply read the instructions in here without understanding
      # what they do.  They're here only as hints or reminders.  If you are unsure
      # consult the online docs. You have been warned.  
      #
      
      #
      # Pseudo Random Number Generator (PRNG):
      # Configure one or more sources to seed the PRNG of the SSL library.
      # The seed data should be of good random quality.
      # WARNING! On some platforms /dev/random blocks if not enough entropy
      # is available. This means you then cannot use the /dev/random device
      # because it would lead to very long connection times (as long as
      # it requires to make more entropy available). But usually those
      # platforms additionally provide a /dev/urandom device which doesn't
      # block. So, if available, use this one instead. Read the mod_ssl User
      # Manual for more details.
      #
      #SSLRandomSeed startup file:/dev/random  512
      #SSLRandomSeed startup file:/dev/urandom 512
      #SSLRandomSeed connect file:/dev/random  512
      #SSLRandomSeed connect file:/dev/urandom 512
      
      #
      # When we also provide SSL we have to listen to the 
      # standard HTTP port (see above) and to the HTTPS port
      #
      # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
      #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
      #
      Listen 443
      
      ##
      ##  SSL Global Context
      ##
      ##  All SSL configuration in this context applies both to
      ##  the main server and all SSL-enabled virtual hosts.
      ##
      
      #   Pass Phrase Dialog:
      #   Configure the pass phrase gathering process.
      #   The filtering dialog program (`builtin' is a internal
      #   terminal dialog) has to provide the pass phrase on stdout.
      SSLPassPhraseDialog  builtin
      
      #   Inter-Process Session Cache:
      #   Configure the SSL Session Cache: First the mechanism 
      #   to use and second the expiring timeout (in seconds).
      #SSLSessionCache         "dbm:/Apache24/logs/ssl_scache"
      SSLSessionCache        "shmcb:/Apache24/logs/ssl_scache(512000)"
      SSLSessionCacheTimeout  300
      
      ##
      ## SSL Virtual Host Context
      ##
      
      <VirtualHost *:443>
          SSLEngine on
          SSLProtocol TLSv1 TLSv1.1 TLSv1.2
          SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
          SSLCertificateFile "C:/phpStudy/Apache/cert/public.pem"
          SSLCertificateKeyFile  "C:/phpStudy/Apache/cert/1.key"
          SSLCertificateChainFile  "C:/phpStudy/Apache/cert/chain.pem"
          ServerName www.exam.com
          DocumentRoot "C:\phpStudy\WWW\exam"
      </VirtualHost>        
      

      • 现在访问域名并手动加上htts如https://www.exam.com应该能够正常访问

      三 自动转htpps

      在项目的根目录下找到并打开.htaccess（C:\phpStudy\WWW\项目名称.htaccess如果没有自建）

      内容如下隐藏了index.php和强行自动跳转https的配置

      <IfModule mod_rewrite.c>
      RewriteEngine on
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . index.php
      </IfModule>
      

​